Text only | Text with Images

OPNsense Forum

International Forums => German - Deutsch => Topic started by: AlxX0r on April 02, 2023, 08:28:44 AM

Title: Bug in OpenVPN per site2site? Verbindung hält nicht
Post by: AlxX0r on April 02, 2023, 08:28:44 AM
Hallo,
ich habe 2 OPN's hintereinander & diese per OpenVPN site2site miteinander verbunden (die vordere als Server & die hintere als Client). In der vergangenheit hat das auch gut funktioniert, nur seit einem update vor ~1 Woche tut das nichtmehr. Der Client disconnected einfach immerwieder & ich weiß nicht warum.
Hier ein auszug aus der Log des Clienten:
Code Select
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: Client disconnected
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: CMD 'status 3'
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: Client disconnected
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: CMD 'state'
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: Client disconnected
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: CMD 'status 3'
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: Client disconnected
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: CMD 'state'
2023-04-02T08:02:29 Notice openvpn_client1 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2023-04-02T08:00:57 Notice openvpn_client1 Initialization Sequence Completed
2023-04-02T08:00:56 Notice openvpn_client1 Peer Connection Initiated with [AF_INET]87.179.140.223:1194
2023-04-02T08:00:47 Notice openvpn_client1 UDP link remote: [AF_INET]87.179.140.223:1194
2023-04-02T08:00:47 Notice openvpn_client1 UDP link local (bound): [AF_INET]192.168.101.10:0
2023-04-02T08:00:47 Notice openvpn_client1 Socket Buffers: R=[42080->42080] S=[57344->57344]
2023-04-02T08:00:47 Notice openvpn_client1 TCP/UDP: Preserving recently used remote address: [AF_INET]87.179.140.223:1194
2023-04-02T08:00:47 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-04-02T08:00:47 Notice openvpn_client1 /sbin/route add -net 192.168.101.0 10.10.0.1 255.255.255.0
2023-04-02T08:00:47 Notice openvpn_client1 /sbin/route add -net 192.168.101.0 10.10.0.1 255.255.255.0
2023-04-02T08:00:47 Notice openvpn_client1 /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1605 10.10.0.2 10.10.0.1 init
2023-04-02T08:00:47 Notice openvpn_client1 /sbin/ifconfig ovpnc1 10.10.0.2 10.10.0.1 mtu 1500 netmask 255.255.255.255 up
2023-04-02T08:00:47 Notice openvpn_client1 TUN/TAP device /dev/tun1 opened
2023-04-02T08:00:47 Notice openvpn_client1 TUN/TAP device ovpnc1 exists previously, keep at program end
2023-04-02T08:00:47 Notice openvpn_client1 ROUTE_GATEWAY 192.168.101.1/255.255.255.0 IFACE=vtnet1 HWADDR=26:25:02:2e:e7:50
2023-04-02T08:00:46 Notice openvpn_client1 Incoming Static Key Encryption: Using 512 bit message hash 'SHA3-512' for HMAC authentication
2023-04-02T08:00:46 Notice openvpn_client1 Incoming Static Key Encryption: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-04-02T08:00:46 Notice openvpn_client1 Outgoing Static Key Encryption: Using 512 bit message hash 'SHA3-512' for HMAC authentication
2023-04-02T08:00:46 Notice openvpn_client1 Outgoing Static Key Encryption: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-04-02T08:00:46 Warning openvpn_client1 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-04-02T08:00:46 Notice openvpn_client1 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
2023-04-02T08:00:46 Notice openvpn_client1 library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
2023-04-02T08:00:46 Notice openvpn_client1 OpenVPN 2.5.8 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 23 2023
2023-04-02T08:00:46 Warning openvpn_client1 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2023-04-02T08:00:46 Warning openvpn_client1 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

Und hier des Servers:
Code Select
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: Client disconnected
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: CMD 'status 3'
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: Client disconnected
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: CMD 'state'
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: Client disconnected
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: CMD 'status 3'
2023-04-02T08:54:48 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2023-04-02T08:54:41 Notice openvpn_server1 Initialization Sequence Completed
2023-04-02T08:54:40 Notice openvpn_server1 Peer Connection Initiated with [AF_INET]87.179.140.223:5745
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: Client disconnected
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: CMD 'state'
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: Client disconnected
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: CMD 'status 3'
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: Client disconnected
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: CMD 'state'
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: Client disconnected
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: CMD 'status 3'
2023-04-02T08:54:30 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2023-04-02T08:54:23 Notice openvpn_server1 UDPv4 link remote: [AF_UNSPEC]
2023-04-02T08:54:23 Notice openvpn_server1 UDPv4 link local (bound): [AF_INET]192.168.178.151:1194
2023-04-02T08:54:23 Notice openvpn_server1 Socket Buffers: R=[42080->42080] S=[57344->57344]
2023-04-02T08:54:23 Warning openvpn_server1 Could not determine IPv4/IPv6 protocol. Using AF_INET
2023-04-02T08:54:23 Notice openvpn_server1 /sbin/route add -net 192.168.1.0 10.10.0.2 255.255.255.0
2023-04-02T08:54:23 Notice openvpn_server1 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=vtnet1 HWADDR=f6:b6:39:05:c4:03
2023-04-02T08:54:23 Notice openvpn_server1 Incoming Static Key Encryption: Using 512 bit message hash 'SHA3-512' for HMAC authentication
2023-04-02T08:54:23 Notice openvpn_server1 Incoming Static Key Encryption: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-04-02T08:54:23 Notice openvpn_server1 Outgoing Static Key Encryption: Using 512 bit message hash 'SHA3-512' for HMAC authentication
2023-04-02T08:54:23 Notice openvpn_server1 Outgoing Static Key Encryption: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-04-02T08:54:23 Warning openvpn_server1 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-04-02T08:54:23 Notice openvpn_server1 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
2023-04-02T08:54:23 Notice openvpn_server1 library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
2023-04-02T08:54:23 Notice openvpn_server1 OpenVPN 2.5.8 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 23 2023
2023-04-02T08:54:23 Warning openvpn_server1 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2023-04-02T08:54:23 Warning openvpn_server1 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

aber auch wenn ich in der Client config die Haken bei "Don't pull routes" & "Don't add/remove routes" wegklicke, löst das nicht das Problem & er disconnected trotzdem immerwieder nur bleibt dann eben die Warnmeldung weg.

Ich habe es genau nach Anleitung eingerichtet & hat eig. auch immer so gut funktioniert, nun weiß ich nichtmehr weiter & hoffe es kann jmd. hier weiterhelfen?
Oder ist es doch ein Bug & ich muss warten bis die nächsten updates das Problem fixen?...
Text only | Text with Images